PRIVACY POLICY
Company: Stay Chill
Registered address: Alla Chiesa 6944, Cureglia, Switzerland
Governing law: Laws of Switzerland (including Swiss Federal Act on Data Protection [FADP] and applicable EU GDPR where required)
Effective date: 01/01/2026
Last updated:01/01/2026
1. Introduction and Data Controller
Stay Chill ("we," "us," "our," or "Company") operates the Website and is the data controller responsible for processing personal data in connection with your use of the Website and services.
For questions or requests regarding privacy, please contact us at [email protected] or write to:
Stay Chill
Alla Chiesa
6944 Cureglia, Switzerland
2. What Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Account and Advertiser Data:
- Username, email address, password (hashed).
- Age verification result (confirmation that User is 18+; underlying ID documents are not stored by us).
- Account creation date and settings.
- If you contact support: communication records, including messages and attachments.
2.2 Billing and Transaction Data:
- Payment method type (e.g., credit card last 4 digits for receipt purposes).
- Transaction history (date, amount, credit bundle purchased).
- Billing address (if provided).
- Invoice and payment records.
- Note: Full payment card details are processed and stored by our PCI-DSS compliant payment service provider, not by Stay Chill.
2.3 Ad and Content Data:
- Text and pictures uploaded in classified ads.
- Metadata: upload date, ad status (published/unpublished), views, and engagement metrics.
- All uploaded content is subject to moderation; moderation results and notes are recorded.
2.4 Age Verification Data:
- Date and result of age verification (confirmation only; no ID document images or personal details).
- Age verification provider used (e.g., Yoti).
2.5 Technical and Usage Data:
- IP address and device information (browser type, operating system, device model).
- Access logs (pages visited, time spent, links clicked).
- Cookies and similar technologies (see Section 9).
- Referral source and referring website.
- Error logs and troubleshooting information.
2.6 Complaint and Moderation Data:
- Records of complaints submitted, including reporter contact info and description.
- Moderation notes and decisions.
- Takedown/removal requests and responses.
- Records maintained for compliance and legal purposes.
3. How We Use Your Personal Data
We process your personal data for the following purposes:
3.1 Service Provision and Account Management:
- Creating and maintaining your account.
- Verifying your age and identity to ensure compliance with our 18+ policy.
- Processing your credit purchases and managing your account balance.
- Sending service updates, password resets, and support responses.
3.2 Content Moderation and Safety:
- Reviewing all ads and pictures before publication to ensure they comply with our content standards.
- Detecting and removing prohibited content (genitalia, sexual acts, trafficking, illegal content, anything mentioned in prohibited content section of Terms and conditions and anything deemed unacceptable by our moderation team sole judgement).
- Monitoring for spam, abuse, and policy violations.
- Handling complaints and removal requests (both the 7-day general complaints and 24-hour non-consensual removal processes).
3.3 Anti-Trafficking and Anti-Exploitation:
- Detecting and investigating suspected cases of human trafficking, sex trafficking, or exploitation.
- Removing exploitative content and suspending/terminating associated accounts.
- Reporting suspected trafficking to law enforcement and competent authorities where required or appropriate.
3.4 Payment Processing and Fraud Prevention:
- Processing non-recurring credit purchases.
- Verifying transactions and preventing fraudulent or unauthorized charges.
- Managing chargebacks and refund requests.
- Complying with payment card network rules (Visa and Mastercard) and PCI-DSS standards.
3.5 Legal Compliance and Record-Keeping:
- Maintaining records required by Swiss law, tax law, and accounting regulations.
- Responding to legal requests from law enforcement or courts.
- Defending against legal claims or disputes.
- Audit and compliance purposes.
3.6 Website Improvement and Analytics:
- Analyzing usage patterns to improve Website features, security, and performance.
- Conducting A/B testing and user experience research.
- Aggregating and anonymizing data for statistical purposes.
**Marketing and Communication (where permitted):**
- Sending promotional emails or newsletters (only with your consent or where permitted by law).
- Informing you of new features, policy changes, or important updates.
4. Legal Basis for Processing
We process personal data based on one or more of the following legal grounds:
- Contractual necessity: Processing required to provide services, process payments, and manage your account (e.g., credit purchases, ad hosting).
- Legal obligation: Compliance with Swiss tax law, accounting regulations, anti-money-laundering rules, and law-enforcement requests.
- Legitimate interest: Website security, fraud prevention, content moderation, anti-trafficking efforts, and service improvement (where not overridden by your rights).
- Consent: Where you have explicitly agreed (e.g., newsletter subscription, optional analytics).
- Public interest / Protection of persons: Anti-trafficking and protection of exploited individuals.
5. Age and Identity Verification
For Users age and identity verification is performed through external third-party age-verification providers such as Yoti.
5.1 How it works
- You submit identity and age documentation to the external provider (Yoti).
- The provider verifies your age and or identity and returns only a confirmation result to Stay Chill (e.g., "age 18+" or "verification confirmed").
5.2 What Stay Chill stores:
- Only the age verification result and timestamp.
- No copies of identity documents, ID numbers, or full personal details.
5.3 Your rights:
- Verification data is retained only as needed for compliance and audit purposes (typically 1-2 years).
- You can request details of what verification information we hold via a data access request (see Section 7).
6. Data Sharing and Recipients
We may share your personal data with the following recipients:
6.1 Payment Service Providers:
- Credit card processors and acquiring banks (to process non-recurring credit purchases).
- These providers operate under strict PCI-DSS standards and data-processing agreements.
- Full card details are not visible to Stay Chill; we receive only transaction confirmation.
6.2 Age Verification Providers:
- Yoti (for age verification in relevant jurisdictions).
- Data is transmitted under strict contractual safeguards; these providers cannot share verification data with other parties or websites.
6.3 Service Providers and Processors:
- Website hosting and infrastructure providers.
- Customer support and ticketing systems.
- Email and communication platforms.
- Analytics and security tools.
- All operate under data-processing agreements with strict confidentiality obligations.
6.4 Law Enforcement and Authorities:
- If required by law, court order, or to protect safety and rights:
- Swiss tax authorities (for tax compliance).
- Police and prosecutor offices (in case of suspected trafficking, exploitation, or other crimes).
- Data protection authorities (if required by law).
- Payment card networks (Visa, Mastercard) for compliance and chargeback investigations.
6.5 Legitimate Business Partners:
- Only with your explicit consent or where necessary for service delivery (e.g., co-hosting or verification partners).
6.6 No Sale or Marketing:
- We do not sell personal data to third parties for marketing or commercial purposes.
- We do not sharedata with advertisers or unrelated companies.
7. Your Privacy Rights
Subject to applicable Swiss and EU data-protection law, you have the following rights:
7.1 Right of Access:
You may request a copy of your personal data held by us, including the categories of data, purposes, and recipients.
7.2 Right of Correction:
You may request correction of inaccurate or incomplete personal data (e.g., email address, account details).
7.3 Right of Erasure (Right to be Forgotten):
You may request deletion of personal data in certain circumstances (e.g., where data is no longer necessary, or where processing is unlawful). We may retain data where required by law or for legitimate legal, safety, or compliance purposes.
7.4 Right to Restrict Processing:
You may request that we limit processing of your data (e.g., keep it but do not use it) in certain situations.
7.5 Right to Withdraw Consent:
If we process your data based on your consent, you may withdraw that consent at any time (e.g., unsubscribe from newsletters). This does not affect the lawfulness of prior processing.
7.6 Right to Object:
You may object to processing based on legitimate interests or for marketing purposes.
7.7 Right to Data Portability:
You may request a copy of your data in a structured, commonly-used format for transfer to another service (where technically feasible).
7.8 How to Exercise Your Rights:
To exercise any of these rights, please contact us at [email protected] with:
- Your name and account email.
- A clear description of your request.
- Any supporting documentation (e.g., copy of your ID if requesting data deletion).
We will respond within 30 days (or as required by applicable law). If your request is complex or requires additional verification, we may extend the timeline and notify you.
8. Data Retention
We retain personal data for as long as necessary for the purposes outlined in Section 3, taking into account applicable law and legitimate business needs:
8.1 Account and Advertiser Data:
- Retained during the lifetime of your account.
- If you delete your account, data is retained for 365 days in case of chargebacks or disputes, then securely deleted.
8.2 Billing and Transaction Data:
- Retained for a minimum of 7 years for Swiss tax and accounting compliance.
- Invoices and payment records are retained for the statutory period required by Swiss law.
8.3 Ad and Content Data:
- Ads are retained while published; deleted ads are removed from public view but metadata and moderation notes may be retained for compliance and legal purposes.
8.4 Age Verification Data:
- Verification results retained for 2 years for audit and compliance purposes.
8.5 Complaint and Moderation Records:
- Retained for the duration of the account plus years to demonstrate compliance and defend against eventual disputes that may arise .
8.6 Technical and Usage Data:
- Access logs retained for 365 days for security and troubleshooting.
8.7 Marketing Data:
- If you've opted into marketing, retained until you unsubscribe.
After the applicable retention period, data is securely deleted or anonymizedso that it can no longer be linked to you.
9. Cookies and Similar Technologies
9.1 What are cookies?
Cookies are small text files stored on your device that allow us to recognize you and remember your preferences.
9.2 Types of cookies we use:
| **Type** | **Purpose** |
|---|---|
| **Essential / Functional** | Login, session management, security, form submission |
| **Preference** | Remember your language, theme, or display settings |
| **Analytics** | Understand how you use the Website (Google Analytics, etc.) |
| **Advertising** | (If applicable) Show relevant ads; used only with consent |
9.3 Your choices:
- You can disable cookies via your browser settings, though this may affect Website functionality.
- For analytics and marketing cookies, you can opt-out
- EU users: We comply with GDPR cookie consent requirements and provide opt-in/opt-out mechanisms.
10. Data Security
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, or misuse, including:
- Encryption:Data in transit is encrypted (SSL/TLS); sensitive data at rest is encrypted.
- Access controls: Only authorized personnel with a legitimate need have access to personal data.
- Confidentiality obligations: All staff and service providers are bound by confidentiality agreements.
- Firewalls and intrusion detection: Network protections monitor unauthorized access attempts.
- Regular audits:We conduct periodic security reviews and vulnerability assessments.
- PCI-DSS compliance: Payment card data is handled under strict PCI-DSS standards.
However, no system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. You are responsible for keeping your password confidential.
11. International Data Transfers
General: Stay Chill is based in Switzerland and primarily processes data in Switzerland and the EU.
11.1 Transfers Outside the EEA:
If personal data is transferred outside the European Economic Area (e.g., to service providers in other countries), we ensure appropriate safeguards are in place:
- Standard contractual clauses (SCCs) approved by the EU Commission.
- Your explicit consent where required.
- Adequate adequacy decisions by relevant authorities.
11.2 Your consent:
By using the Website, you consent to the transfer of your data as described, where legally necessary.
12. Data Subject Rights and Complaints
12.1 Exercising your rights:
To request access, correction, deletion, or to exercise any other right, contact us at [email protected] . We will verify your identity and respond within 30 days (or as required by law).
12.2 Complaints:
If you believe your privacy rights have been violated, you have the right to lodge a complaint with the competent Swiss data protection authority or, if applicable, your country's data protection regulator (e.g., the Italian DPA or a national authority in your jurisdiction).
Contact details for the wiss Federal Office of Justice (OFJ) – Data Protection Division:
- Website: https://www.bj.admin.ch/bj/en/home.html
- Email: Check official website for current contact
13. Third-Party Links and Websites
The Website may contain links to third-party websites, apps, or services (e.g., payment processors, age verifiers). These third parties have their own privacy policies and are responsible for their own data practices.
We are not responsible for third-party privacy practices. We encourage you to review their privacy policies before providing personal data.
14. Children and Minors
The Website is not intended for persons under 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided data, we will promptly delete it and may terminate their account.
If you are a parent or guardian and believe a minor has accessed the Website, please contact us immediately at [email protected] .
15. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in law or regulation.
- Updates to our data practices.
- Improvements in security or technology.
The “Last updated" date at the top of this document will be amended. Material changes will be communicated to Users via email or a prominent notice on the Website.
Continued use of the Website after changes take effect means you accept the updated Privacy Policy.
16. Contact Us
For questions, requests, or complaints regarding this Privacy Policy or your data, please contact:
Stay Chill
Alla Chiesa
6944 Cureglia, Switzerland
Email: [email protected]
Support: [email protected]
We are committed to protecting your privacy and will respond to all inquiries within 30 days.